Azure DDoS attack protection capabilities

    Today I'm going to talk about Azure's DDoS protection capabilities. Many people ask how to protect against DDoS on Azure. The answer depends on which Azure you are running on. If it is 21V Mooncake (Azure China), that's a pity: Mooncake currently provides only Basic-level DDoS protection, which means that only the Azure platform itself is protected. For example, if an attacker targets an Azure service such as Storage or SQL, Azure can withstand the DDoS attack. But if the target is a website or service of your own, Mooncake currently has no protection for that, and in China you generally need third-party products to achieve DDoS protection.


    In Azure Global, however, there has always been a DDoS protection product that users can apply directly to their own websites or services. That product is Azure DDoS Standard, which we introduce today. For the specific differences between Basic and Standard, refer to the following figure or link:

    https://docs.microsoft.com/zh-cn/azure/ddos-protection/ddos-protection-overview?WT.mc_id=AZ-MVP-5001235


    ddos-comparison.png




    Azure DDoS Standard can mitigate the following types of attacks:

  • Volumetric attacks: These attacks flood the network layer with a large amount of seemingly legitimate traffic. They include UDP floods, amplification floods, and other spoofed-packet floods. DDoS Protection Standard mitigates these potential multi-gigabyte attacks automatically by absorbing and scrubbing them, using Azure's global network scale.

  • Protocol attacks: These attacks make the target inaccessible by exploiting weaknesses in the layer 3 and layer 4 protocol stack. They include SYN flood attacks, reflection attacks, and other protocol attacks. DDoS Protection Standard mitigates these attacks by interacting with the client to distinguish malicious traffic from legitimate traffic, and by blocking the malicious traffic.

  • Resource (application) layer attacks: These attacks target web application packets to disrupt data transmission between hosts. They include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks. Use a web application firewall (for example, the Azure Application Gateway web application firewall) together with DDoS Protection Standard to defend against these attacks.


    It can protect public IP addresses associated with virtual machines, load balancers, and application gateways. For details, refer to the following link:

    https://docs.microsoft.com/zh-cn/azure/ddos-protection/types-of-attacks?WT.mc_id=AZ-MVP-5001235

   

    Protecting against DDoS in Azure Global is actually quite simple. We only need to create the Azure DDoS service and associate it with the virtual network that needs to be protected. The platform then mitigates DDoS attacks automatically, and we don't need to do anything manually. A report is produced at the end of the whole attack. The steps are shown below, and they are very simple.


    First, you need to create a DDoS plan. Different subscriptions can share one plan, so there is no need to create one for each subscription. Azure DDoS charges are calculated based on the number of protected resources, so they have nothing to do with subscriptions.

    Create it directly under DDoS Plan:

    Picture 1.png


    There is very little information to fill in

    Picture 2.png



    Next, add the protected resources. Resources are added as virtual networks, and as you can see here, virtual networks can be selected across subscriptions.

    Picture 3.png


    Then you can see the DDoS plan information in the virtual network's options.

    Picture 4.png



    After enabling DDoS Standard, nothing looks very different on the surface. If you want to know whether you have been hit by a DDoS attack, you can check through Metrics in Azure Monitor.

    For example, find a protected public IP, and then select the "Under DDoS attack or not" metric here.

    Picture 5.png


    If the IP is not protected by DDoS Standard, no results are displayed when you view the metric.

Picture 6.png
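The metric check described above can also be done on exported metric data. The following is an added example, not code from the original post: it parses a constructed response shaped like Azure Monitor metrics JSON for a public IP and separates "no data" (the unprotected case shown above) from "protected, no attack" and "under attack". The metric API name `IfUnderDDoSAttack`, the response shape, the use of the `maximum` aggregation, and the function name `attack_windows` are assumptions of this example.

```python
import json
from datetime import datetime

# Constructed sample, shaped like an Azure Monitor metrics response for a
# public IP (assumed shape); timestamps and values are made up.
SAMPLE = json.loads("""
{"value": [{"name": {"value": "IfUnderDDoSAttack"},
  "timeseries": [{"data": [
    {"timeStamp": "2020-10-01T10:00:00Z", "maximum": 0.0},
    {"timeStamp": "2020-10-01T10:01:00Z", "maximum": 1.0},
    {"timeStamp": "2020-10-01T10:02:00Z", "maximum": 1.0},
    {"timeStamp": "2020-10-01T10:03:00Z", "maximum": 0.0},
    {"timeStamp": "2020-10-01T10:04:00Z", "maximum": null},
    {"timeStamp": "2020-10-01T10:05:00Z", "maximum": 1.0}
  ]}]}]}
""")

def attack_windows(response, metric="IfUnderDDoSAttack"):
    """Return (status, windows). windows is a list of (start, end) datetimes
    covering consecutive samples where the metric reports 1."""
    points = []
    for m in response.get("value", []):
        if m.get("name", {}).get("value") != metric:
            continue
        for series in m.get("timeseries", []):
            for p in series.get("data", []):
                if p.get("maximum") is None:  # null: no sample for this minute
                    continue
                ts = datetime.fromisoformat(p["timeStamp"].replace("Z", "+00:00"))
                points.append((ts, p["maximum"] >= 1))
    if not points:
        # Same situation as the empty chart: nothing emitted for this IP.
        return "no-data", []
    points.sort()
    windows, start, last = [], None, None
    for ts, under_attack in points:
        if under_attack:
            start = start or ts
            last = ts
        elif start:
            windows.append((start, last))
            start = None
    if start:
        windows.append((start, last))
    return ("under-attack" if points[-1][1] else "protected"), windows
```

A `no-data` result for an IP you expected to be covered is worth an alert of its own, since it suggests the virtual network is not associated with the plan.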



    If you want to see historical data, you can also turn on diagnostic settings on the protected resource to save the DDoS-related data to a storage account or send it to Log Analytics. The data you can see includes:

  • Attack vectors

  • Traffic statistics

  • Reasons for dropped packets

  • Protocols involved

  • Top 10 source countries or regions

  • Top 10 source ASNs

    Picture 7.png


Origin blog.51cto.com/mxyit/2545275